He can't be trusted. The people who verify the alerts generated by one of the tools I listed shoudn't be the same people that do the administration of the servers/firewalls...
This isn't about paranoia. This is about protecting the integrity of your systems. Today there's to much focus on just "the firewall" when it comes to security. For me "The firewall" is perhaps 10% of a security infrastructure. (okay 15% if it has app. intelligence. :-)) Anyway, this isn't the place to discuss things like these. Kr. Robby On 10/12/06, no-need to-list <[EMAIL PROTECTED]> wrote:
WOW....that raising the level of paranoia to a whole new level....but is a good idea. Now let raise it a little more....how can we trust that the trusted (admininistrator) can be trusted? ----- Original Message ---- From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: [email protected] Sent: Wednesday, October 11, 2006 8:03:19 AM Subject: Re: [FW-1] database integrity checking tool? Hi, - tripwire (binary available for nokia) - aide - samhain - osiris will allow you to check the integrity of you whole management server. Including the CP database (on file level) and config files. I still don't understand why (securtiy) people don't use these tools. Without one of these tools it's impossible to verify if someone has been "playing" on one of your systems. Kr. Robby On 10/11/06, Nick Whitworth <[EMAIL PROTECTED]> wrote: > Does anyone know of any tool for checking the integrity of databases on > an NGX (R60) management station? > > Thanks > Nick Whitworth > > > > > This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. > Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies within the Detica Group plc group of companies. > > Detica Limited is registered in England under No: 1337451. > > Registered offices: Surrey Research Park, Guildford, Surrey, GU2 7YP, England. > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
